Skip to content

danixland/Slackware-Pentesting-Suite

Repository files navigation

Sl (hack) ware

a Slackware GNU/Linux Pentesting Suite

The aim of this project is to bring a curated collection of programs, tools, libraries and various utilities, packaged (some packages are way too big, sorry) and ready to be installed on Slackware.

Why Slackware

Because it's the best distro ever.

We have Kali and/or Parrot

Yes, but I prefer Slackware.

Packages List

This list is ever growing, if you want to ask for a package to be prioritized, just open an issue

Legend: ✅ yes / available / build-tested   ❎ not on SlackBuilds.org   ❔ not yet tested

Package Name SlackBuilds.org available Upstream Version Tested -current Tested -stable
SecLists danielmiessler/SecLists 2026.1
ffuf ffuf/ffuf 2.1.0
gobuster OJ/gobuster 3.8.2
hashcat hashcat.net 7.1.2
john openwall.com 1.9.0
exploitdb exploit-db.com 2026-04-30
cadaver notroj/cadaver 0.28
nuclei projectdiscovery/nuclei 3.8.0
feroxbuster epi052/feroxbuster 2.13.1
netexec Pennyw0rth/NetExec 1.5.1
windows binaries kali.org 0.6.10
webshells kali.org 1.1
metasploit framework metasploit.com 6.4.133

Important

The exploitdb package pulls also the binsploits which consists of 1.1Gb of exploits.

Note

There's a metasploit package on slackbuilds.org but is an older version (last updated in 2022). I'll contact the mantainer and ask to transfer it to me and I'll update it.

The cadaver package is available on slackbuilds.org but it's for an older version. I've reported here the script and built the newest version. The slackbuild includes now a pull from the notroj/neon repository which is usually not allowed for SlackBuilds that are uploaded to slackbuilds.org

The Powershell package is available on slackbuilds.org without modifications necessary so I removed it.

Git Hooks

This repo ships maintainer git hooks under .extras/hooks/. After cloning, install them with:

cp .extras/hooks/* .git/hooks/ && chmod 0755 .git/hooks/{pre,post}-commit
  • pre-commit lints each changed package with sbolint and blocks the commit on errors. It also refuses staged source archives (these are fetched with sbodl, never committed). Bypass linting with SBOLINT=no git commit.
  • post-commit offers to build an SBo submission tarball (SBo/<package>.tar.gz) for any added or updated package. To answer the prompt non-interactively, set SBO_ARCHIVE=yes or SBO_ARCHIVE=no in the environment.

Building an SBo archive on demand

.extras/mksboarchive <package> builds the same <package>.tar.gz SBo submission tarball the post-commit hook produces, but on demand by name rather than at commit time:

.extras/mksboarchive feroxbuster        # writes ./feroxbuster.tar.gz
OUTPUT=/tmp .extras/mksboarchive hydra   # writes /tmp/hydra.tar.gz

Run it from the repo root: it looks for a <package>/<package>.SlackBuild below the current directory, removes any sbodl source symlinks from the package directory first (so they never leak into the tarball), then archives the directory. The output directory defaults to the current working directory and can be overridden with the OUTPUT environment variable. This means it works the same whether you run .extras/mksboarchive or an installed copy (e.g. in ~/bin), as long as you are in the repo root.

Vendored Crates (Rust packages)

Rust packages such as feroxbuster build from a vendored crates tarball (<pkg>-<version>-vendor.tar.gz) declared as a second source in the .info file, alongside the upstream tarball. The SlackBuild unpacks it, points cargo at it via .cargo/config.toml, and builds fully offline (cargo build --offline --locked).

This mirrors how SlackBuilds.org packages Rust (and Go) software. SBo builds must be reproducible from the checksummed sources declared in .info and run in a clean chroot with no network access. Letting cargo fetch from crates.io at build time would break that: builds would depend on crates.io being reachable and unchanged, and the SBo build farm (which runs offline) would reject the package.

The vendor tarball is generated once per version with cargo-vendor-filterer and hosted by the maintainer. SOURCE_DATE_EPOCH is pinned to the upstream release tag's commit date so the archive is byte-for-byte reproducible:

tar xf feroxbuster-<version>.tar.gz && cd feroxbuster-<version>
export SOURCE_DATE_EPOCH="$(date -u -d '<release-tag commit date>' +%s)"
cargo vendor-filterer \
  --platform=x86_64-unknown-linux-gnu \
  --prefix=vendor \
  --format=tar.gz \
  feroxbuster-<version>-vendor.tar.gz

The tag commit date comes from the GitHub API (commits/<tag>.commit.committer.date). Then update MD5SUM_x86_64 for the new tarball in the .info file. The exact command is also recorded in the package's own README.

About

A collection of programs and utilities to be built for Slackware, ready for a red team workstation

Topics

Resources

License

Stars

Watchers

Forks

Contributors

Languages